[TCLUG] [Security Discuss] new sshd exploit ? (fwd)

Fri Nov 30 10:14:32 CST 2001

Seems it is just a rerun of an old exploit:

http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100698565325242&w=2

Thanks,

James Spinti
jspinti at dartdist.com
952-368-3278 x396
fax 952-368-3255 

|-----Original Message-----
|From: tclug-list-admin at mn-linux.org
|[mailto:tclug-list-admin at mn-linux.org]On Behalf Of Joshua b. Jore
|Sent: Thursday, November 29, 2001 10:32 PM
|To: tclug-list at mn-linux.org
|Subject: [TCLUG] [Security Discuss] new sshd exploit ? (fwd)
|
|
|-----BEGIN PGP SIGNED MESSAGE-----
|Hash: SHA1
|
|(forwarded from misc at openbsd.org. The affected people ran Redhat)
|
|FYI...  heads' up from the SSH mail list
|
|> > A colleague sent me a very vague e-mail, telling me that I 
|should 'disable
|> > SSHD now' because of a 'private exploit being circulated since 
|Saturday'.
|> >
|> > Anyone know anything about this?
|>
|> The following URL should give you some more information:
|> http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=100696253318793&w=2
|
|Given the other issue of Kerberos pre-v3, an update to the
|latest OpenSSH 3.0+ seems warrented.
|    http://www.oreillynet.com/lpt/a/linux/2001/11/26/insecurities.html
|-----BEGIN PGP SIGNATURE-----
|Version: GnuPG v1.0.6 (OpenBSD)
|Comment: For info see http://www.gnupg.org
|
|iD8DBQE8Bu95fexLsowstzcRAn9UAJwPqCgv7n5zBAF7K4EbUGfgml2cLQCfdICG
|bS4kDoKGWmvGLrp+PXs2kiA=
|=Z8jF
|-----END PGP SIGNATURE-----
|
|_______________________________________________
|Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, 
|Minnesota
|http://www.mn-linux.org
|tclug-list at mn-linux.org
|https://mailman.mn-linux.org/mailman/listinfo/tclug-list
|